PALO ALTO, Calif., Nov. 25, 2025 /PRNewswire/ — Salt Security, the leader in AI agent and API security, today announced Salt MCP Finder technology, the industry’s first dedicated discovery engine for Model Context Protocol (MCP) servers, the fast-proliferating infrastructure powering agentic AI. MCP Finder provides organizations with a complete, authoritative view of their MCP footprint at a moment when MCP servers are being deployed rapidly, often without IT or security awareness.
As businesses move faster to use agentic AI, MCP servers have become the go-to API broker that lets AI agents perform things like get data, start tools, run workflows, and connect with internal systems. But this new power comes with a new problem: anyone can use MCP servers anywhere, and there are essentially no rules to follow.
- Developers spin them up for prototyping.
- Business units deploy them to connect agents to SaaS tools.
- Vendors and contractors introduce them during integration projects.
- Open-source MCP servers get dropped into repos and shipped to production.
- Internal business teams are deploying MCPs alongside new internal APIs to support shadow agentic workflows, outside the visibility of IT or security.
This surge of adoption is happening on top of broken internal API governance in most companies, which increases risk. Once they are set up, MCP servers are easy to go to, which lets agents connect and run processes with little supervision. This is a big risk to operations.
The result is a rapidly developing API mesh of AI-connected infrastructure that most central security teams can’t see. Companies don’t know:
- How many MCP servers are deployed across the enterprise
- Who owns or controls each server
- What APIs and data each server exposes
- What actions agents can perform through accessible MCP tools
- Whether corporate security standards are followed and basic security controls like authentication, authorization, and logging are in place
Recent observations from the industry show why this visibility crisis is important. One survey found that more than 16,000 MCP servers were already set up in Fortune 500 businesses just ten months after the MCP was released. Another study found that 33% of 1,000 MCP servers had a serious security hole and that the typical MCP server had more than five. As businesses grow their agentic workloads, MCP is soon becoming one of the biggest sources of “Shadow AI.”
Gartner® says that “Most tech providers are still not ready for the rise in agent-driven API usage.” Gartner says that by 2028, 80% of companies will have AI agents using most of their APIs instead of human developers.
Gartner also said, “As agentic AI changes business systems, tech CEOs who know and use MCP would help the company grow, make sure it is used responsibly, and stay ahead of the competition in the changing AI landscape.” If you don’t pay attention to MCP, you could slip behind as composability and interoperability grow more important. To stay ahead in the age of agentic AI, tech CEOs need to put MCP first. MCP is the basis for safe and effective collaboration between autonomous agents. It immediately addresses issues of trust, security, and cost.
A requirement for controlling the AI Action Layer
Salt’s MCP Finder technology answers the most basic problem: you can’t keep an eye on, protect, or control AI agents until you know what attack surfaces are out there. That surface has a lot of MCP servers on it.
Nick Rago, VP of Product Strategy at Salt Security, remarked, “You can’t secure what you can’t see.” “An autonomous agent can take action on any MCP server. Our MCP Finder technology enables CISOs the one source of truth they need to ultimately answer the most crucial issue in agentic AI: What can my AI agents do in my business?
Salt’s MCP Finder technology gives you a full, automatic MCP inventory across three levels of discovery.
Salt’s MCP Finder technology brings together MCP discovery from three different systems to create a single, reliable registry:
- External Discovery – Salt Surface
Identifies MCP servers exposed to the public internet, including misconfigured, abandoned, and unknown deployments. - Code Discovery – GitHub Connect
Using Salt’s recently announced GitHub Connect capability, MCP Finder inspects private repositories to uncover MCP-related APIs, definitions, shadow integrations, and blueprint files before they’re deployed. - Runtime Discovery – Agentic AI Behavior Mapping
Analyzes real traffic from agents to observe which MCP servers are in use, what tools they invoke, and how data flows through them.
When used together, these sources give businesses the one source of truth they need to see risk, implement posture control, and use AI safety rules that go beyond the model and into the real world.
The Salt Illuminate platform now has Salt’s MCP Finder technology as a core feature.
*Source: Protect Your Customers by Gartner Research Adrian Lee and Marissa Schmidt’s “Next-Level Agentic AI With Model Context Protocol” will be published in November 2025.
GARTNER is a trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and across the world. We use it here with permission. All rights are reserved.
What is Salt Security?
The Salt protection API Protection Platform provides full AI-powered protection, allowing businesses to confidently manage and protect their APIs throughout their entire lifecycle, no matter where they are deployed. Salt makes a strong, closed-loop security system by combining its deep, contextual API threat detection with AWS services like AWS WAF. Salt’s platform gives you a full view of the API Fabric and lets you explore it all at once. It also lets you govern the API posture proactively and fight against threats in real time.
